Well,  you probably carry out risk assessments, whether formal or not, everyday as part of your business activities.   Is this new customer a risk?  Can I afford this new piece of machinery or will not having it hurt the business?  Should I take on this new applicant?  Etc Etc.  Cyber is no different.  Marrying up the threats with knowing how vulnerable you may be to those threats, and applying that to your assets, gives you a risk score.  We have several articles in our News and Articles section, to help guide you.

This has long been an issue, not just with SMEs but also with much larger companies who really should know better.  Cyber security is a business issue, not an IT issue.  If you get hit with a cyber attack or data breach, it’s not your IT supplier that gets hurt, it’s your business.  You know you can’t afford a full time cyber professional, and often, neither can your IT support company.  Again, we have articles about this which can explain more.

We recognise that SMEs don’t have a bottomless pit of money and can’t afford to spend on things that aren’t their core business. But ask yourself this; how long do you think you could survive without your IT systems if you were subject to a cyber attack?  We have devised protections at some really affordable prices, with you in mind.

The Cyber Maturity Assessment or CMA, is a stand alone project that is carried out to assess exactly where you stand in regard to cyber security, taking into account people, process and then, technology. It measures your current position against an industry standard Cyber Maturity Model and then compares that result to a pre-agreed point on the model, that you would wish to reach. Once that is done a fully costed plan is produced to remediate the gap, in a way that suites your priorities and budget.

A very well regarded cyber security expert, Bruce Schneier, an American scientist working out of Harvard Univeristy, says that if you think technology can solve our security problems, then you don’t understand the technology and you don’t understand the problems. Harsh? Perhaps, but a considerable amount of the controls, ie those things we put in place to reduce our risk exposure, are in fact procedural rather than technical and therefore our processes and policies need to reflect that. It is also vital that our people understand the issues they face.

In this context, an asset can be many things. They are usually considered to be data, ie an individual piece of data, or a whole database. They might equally be a critical application, a critical piece of hardware or software, or indeed a person (if that person does not have a deputy and is vital to the operation of your IT systems). Assets will differ from company to company and it needs careful thought, but what is necessary is that they are identified and registered. H2 offers a way to automate that to a large degree.

Yes we do. We can either provide classroom based training on site, or we can provide it online over Zoom, Teams or any other technology you might prefer.

Yes we do. If a customer is buying a managed service, then a service manager will be provided as a POC. However we also provide a service whereby a customer can buy so many hours a month of a security consultant, to act as their security advisor. This can be as low as 5 hours a month for around £300.

At the basic level, the pricing is done per seat. We either sell the product licenses to allow you to manage them yourself, or as a managed service, on their own or along with other products and services to provide 360 degree coverage. The majority of our products and services are provided on a 30 day rolling contract so you can opt out with 30 days notice. However some products, notable anti-malware and access management, is sold on a 1-3  year contract, although payment can be monthly. That is directed by the vendor and out of our control. Taking more than one product as a managed service does reduce the management charge considerably.